Aviva Connect Website Privacy Policy

Introduction

Aviva take your privacy very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your Personal Information, as an individual who is employed by, works for, manages or owns an Intermediary Firm which conducts business with Aviva and who uses the Website (“You”, “Your”).  It also explains your rights in relation to your Personal Information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain Personal Information about you. When we do so we are subject to the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that Personal Information for the purposes of those laws.

This Privacy Policy applies whether you interact with Aviva by email, in person or through the Website . A separate Aviva Privacy Policy governs the way in which Aviva collects and uses Personal Information relating to your Customers.

Aviva

This Privacy Policy is intended to be read in conjunction with the Terms of Business which Aviva has in place with your Intermediary Firm and the Aviva Connect Website Terms and Conditions of Use .  The relevant Aviva entity which is responsible for your Personal Information in accordance with this Privacy Policy will be the Aviva PLC, group company which has entered into Terms of Business with your Intermediary Firm (collectively referred to as “Aviva”, “we”, “us” and “our” in this Privacy Policy).

  • For information concerning Aviva please visit aviva.com
  • For a full list of the Aviva trading companies in the UK please see our list of Aviva companies
  • For full details as to how we collect and process your Customers’ personal information and their rights in relation to it, please visit review the Privacy Policy at aviva.co.uk.

Definitions

In this Privacy Policy, the following words shall have the following meanings except where the context requires otherwise:

“Customers”

means the end customers who you act for as an Aviva intermediary.

“Intermediary Firm”

means a firm acting as an adviser, broker and/or healthcare intermediary capacity.

“Personal Information” means any information relating to an identified or identifiable individual.
“Services”

has the meaning specified in the “How your Personal Information is collected section” below.

“Special Category Personal Information”

means:

-   Personal Information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership;

-   Genetic and biometric data; and

Data concerning health, sex life or sexual orientation.

“Terms of Business”

means the contract between your Intermediary Firm and Aviva governing their role as an intermediary for Aviva products and services.

“Website” means the Aviva Connect Website.
“We”, “us”, “our” or “Aviva” has the meaning set out in the paragraph headed “Aviva” above.
“You” “Your” has the meaning set out in the first paragraph of the “Introduction” section above.

Personal information we collect about you

We may collect and use the following personal information about you:

  • Basic personal details such as your name, address, email address, telephone number and postcode;
  • Account registration details, such as username and password;
  • Information about the Intermediary Firm you work for and your role within the firm, including the firm name, firm size, your firm role and FCA number;
  • Information about your marketing preferences;
  • If you are a director or partner of your Intermediary Firm, we will need to check and verify your identity and will collect information about your date of birth, National Insurance Number and current and previous three years’ addresses together with performing credit or other financial checks on you;
  • Transactions you have completed and quotations you have requested;
  • Information about how you use the Website, IT, communication and other systems.
  • Your responses to surveys, competitions and promotions;

This Personal Information is required to provide products and/or services to you in your capacity as an intrmediary for Aviiva.  If you do not provide Personal Information we ask for, it may delay or prevent us from providing these products and/or services to you.

How your personal information is collected

We collect information about you when you or your Intermediary Firm does business with us, including dealings we have with you through a number of channels, such as:

  • If you create an online user account or use the Website;
  • If you use any of our online services, including tools, information and functionality to help you manage new and existing products online through the Website ("the Services");
  • If you participate in any competitions;
  • If you record Continued Professional Development activity with us;
  • If you take part in activities for the Aviva Community Fund;
  • If you contact or communicate with us by telephone, mail, email, text, via the Website or in person;
  • From cookies on our Website—for more information on our use of cookies, please see our Cookie Policy
  • Via our IT systems, e.g. automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.

Use of third-party information

We obtain information about your Intermediary Firm and your Customers from our third-party suppliers and databases (including for example, Diligenta, FNZ, Capita, iPipeline and Acturis). We also use commercial property websites and government websites who assist with marketing insights, pricing research, product development, business strategy and to help us detect and prevent fraudulent activity including for example third party sanction screening providers and credit reference agencies. This includes publicly available information for example from the FCA and Companies House.

We may also gain information from other third parties with your consent, e.g. your bank.

How and why we use your personal information

Under data protection law, we can only use your Personal Information if we have identified a legal basis for doing so, such as

  • to comply with our legal obligations;
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The sections below explain what we use (process) your personal information for, our reasons and legal basis for doing so:

1.  To allow you and your Intermediary Firm to do business with us - we will use your information to:

  • set up an account with us;
  • maintain that account;
  • allow you to access and make use of the Website and our Services;
  • administer and manage products that your Customers have with us;
  • manage queries and complaints which may involve you, your Intermediary Firm or your Customers;

We use Personal information for the purposes outlined in this paragraph 1 to support the legitimate interests of our business as an insurer, and also to perform our contract to provide your firm with products and services in accordance with the Terms of Business we have in place and in the interests of providing an efficient service to you, your firm and your Customers. 

2.  To market our products and services and make improvements to our operations:

  • we will use your personal information to keep you informed about our products and services which we understand will be of interest to you, consistent with your marketing preferences. We explain more about this in our section on Marketing Communications and Cookies .
  • we will also use your personal information for research and statistical purposes to analyse how you use our Website and Services so we can improve our understanding of your needs and enhance our products and services.

We use Personal Information for the purposes outlined in this paragraph 2 for our legitimate interests or those of a third party, to promote our business and to be as efficient as we can so we can deliver the best service for you at the best price.

3.  To meet responsibilities we have to our regulators, tax officials, law enforcement and other similar bodies:

  • if you are a director or partner of your firm, we will carry out appropriate verification and credit checks. We use personal information for these purposes to comply with requirements we have under financial conduct rules and laws relating to anti-money laundering, financial crime and to prevent and detect fraud (see our section on Fraud Prevention and Detection for more information).
  • gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
  • carry out necessary background checks to make sure you and your Intermediary Firm are legitimate persons to do business with in accordance with our Terms of Business (we explain more about this in our section on Fraud Prevention and Detection).
  • preventing unauthorised access and modifications to systems
  • ensuring the confidentiality of commercially sensitive information

We use personal information for the purposes outlined in this paragraph 3 to meet our legal obligations and for our legitimate interests or those of a third party, to prevent and detect criminal activity that could be damaging for us and for you.

If you would like to know more about any of the legal reasons or legitimate interests that apply to a particular way in which we use personal information you can Contact Us at any time.

Who we share your personal information with

If you request a quote or purchase a product or service on behalf of your Customer, information about you and your firm may be shared with and processed by our third-party administrators and service providers who help us to facilitate the administration of our business. For example, Diligenta, FNZ, Capita, iPipeline and Acturis are some of our third party IT providers with who we share information.  If you require any further information, please contact us. For further details regarding how we share information related to our products and services on behalf of your Customers, please visit our Privacy Policy at aviva.co.uk.

We will also share information about you with:

  • our regulators and law enforcement as necessary for purposes of Fraud Prevention and Detection;
  • online or digital partners we work with so we can communicate with you through their platforms;
  • other third-party systems providers whose systems you request access to as part of your online account registration with us;
  • your Customers if they have queries about the services between you, them and us;
  • Aviva PLC group companies;
  • third parties we use to help deliver our products and services to you, e.g. payment service providers;
  • other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
  • third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
  • credit reference agencies; and
  • our banking partners.

We only allow our service providers to handle your Personal Information if we are satisfied that they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your Personal Information to provide services to us and to you. We may also share Personal Information with external auditors.

We may also need to share some Personal Information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Marketing communications and cookies

Marketing communications and cookies

We may use your Personal Information to send you updates (by email, text message, telephone or post) about our products and services, including promotions and new products and services.

We have a legitimate interest in processing your personal information for promotional purposes (see the Section above ‘How and Why We Use your Personal Information’) and you can always unsubscribe at any time.

To protect your privacy rights and your choice and control over the use of your Personal Information, we will always allow you the opportunity to opt-out of electronic marketing communications when you register your contact information with us. In addition, you can always ‘opt out’ of receiving direct marketing by using the unsubscribe links you will find on our marketing emails. 

If you are a Broker, you can also change your marketing preferences in the Broker Preference Centre in the profile settings of your online account at any time.

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our Website) to collect information about you, which is used to optimise what you may see on our Website and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

  • Our online advertising complies with the best practice recommendation set by the European Advertising Alliance and you will always see the blue logo on display ads visible on third-party sites.
  • You can turn off this type of advertising by visiting: youronlinechoices.com and adjusting privacy settings in your browser.
  • If we use or share information with online sources, such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your Personal Information to be used.
  • If you choose to opt-out of tailored offers and advertising, you’ll still continue to see generic advertising displayed online, it just might not be as relevant to you.
  • For further information about cookies, third-party websites, apps and other similar technologies we use on our Website, please see our Cookie Policy.

Important note on your responsibilities in handling customer data

Your firm is responsible for the lawful collection of personal information relating to any Customers with whom you do business. This includes collection and use of personal information about your Customers and any third parties whose details we may need to prepare a policy or personalised quote. Your firm must, at all times, have your Customer’s authority to share their personal information with us and it is your firm's responsibility to ensure your Customers are provided with fair processing notices which explain these arrangements to them and secure any necessary consents or other legal basis that may be required to allow this personal information to be shared with us for these purposes.

Your firm is expected to not act in any way in relation to your handling of Customer’s Personal Information which might reasonably damage the reputation or goodwill of Aviva or its relationship with its Customers. Your firm must provide to us all information in your possession concerning any unauthorised or accidental disclosure of, or access to, the Personal Information of your Customers including as a result of any unauthorised access to the Services.

Fraud prevention and detection

In order to prevent and detect fraud we may at any time:

  • share information about you with other organisations and public bodies including the Police;
  • undertake credit searches and additional fraud searches;
  • check and/or file your details with fraud prevention agencies and databases, and if you give us false or inaccurate information and we suspect fraud, we will record this to prevent fraud and money laundering.

We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details, contact us at: 

Policy Investigation Unit, Aviva, Cruan Business Centre, Westerhill Business Park, 123 Westerhill Road, Bishopbriggs, Glasgow G64 2QR. 

Telephone: 0345 300 0597

Email: PIUUKDI@aviva.com


We and other organisations may also search these agencies and databases to:

  • help make decisions about the provision and administration of insurance, credit and related services;
  • trace debtors or beneficiaries, recover debt, prevent fraud;
  • check your identity to prevent money laundering, unless you furnish us with other satisfactory proof of identity.

Where your personal information is held

Information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’.

Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see below: ‘Transferring your personal information out of the EEA’.

Transferring your personal information out of the EEA

Some of the organisations we share information with may be located outside of the European Economic Area ("EEA"). These transfers are subject to special rules under European and UK data protection law.  We will always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:

  • transfers within the Aviva Group will be covered by an agreement entered into by members of the Aviva Group (an intra-group agreement) which contractually obliges each member to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within the Group;
  • where we transfer your data to non-Aviva Group members or other companies providing us with a service, we’ll obtain contractual commitments and assurances from them to protect your personal information. Some of these assurances are well-recognised certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of Personal Information transferred from within the EU to the United States of America;
  • where we transfer Personal Information to you when you are outside the EEA;
  • we only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
  • any requests for information we receive from law enforcement or regulators will be carefully validated before Personal Information is disclosed.

You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, see our section on Your Rights.

How long your personal information will be kept

We will keep your Personal Information while your firm has  an account with us, or we are providing products and/or services to you.  Thereafter, we will keep your Personal Information for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law.

We will not retain your Personal Information for longer than necessary for the purposes set out in this Privacy Policy.  Different retention periods apply for different types of Personal Information. We maintain a data retention policy which we apply to the records we hold.

We may also retain personal information, where we have identified a legal basis for doing so, in an aggregated form which allows us to continue to develop and improve our products and services.

When it is no longer necessary to retain your personal information, we will delete or anonymise it.

Your rights

You have legal rights under data protection laws in relation to your Personal Information. Click on the links to learn more about each right you may have:

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.

We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.

Accessing personal information

You can ask us to:

  • confirm whether or not we have and are using your Personal Information
  • get a copy of your personal information

Withdrawing consent

Where we’ve asked for your consent to use your Personal Information, you’ll always have the right to withdraw such consent. Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

Correcting / erasing personal information

You can ask us to:

  • correct any information about you which is incorrect. We’ll be happy to correct such information but will need to verify the accuracy of it first.
  • erase your Personal Information if you think we no longer need to use it for the purpose we collected it from you.
  • erase your Personal Information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we’re subject to a legal obligation to erase your Personal Information.

We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligation or where we need to use it to establish, exercise or defend legal claims.

Restricting our use of personal information

You can ask us to restrict our use of your Personal Information in certain circumstances, for example, where:

  • you think the information is inaccurate and we need to verify it;
  • our use of your Personal Information is not lawful, but you do not want us to erase it;
  • the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your Personal Information, but we still need to verify if we have overriding grounds to use it.

We can continue to use your Personal Information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

Objecting to use of personal information

You can object to any use of your Personal Information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the Personal Information if we can demonstrate that we have compelling legitimate interests to use the information. 

You can also object to use of your Personal Information for direct marketing purposes. We explain in the Marketing Communications and Cookies section of this Privacy Policy more about our approach to direct marketing and how you can easily manage your marketing preferences.

Requesting a transfer of personal information

You can ask us to provide your Personal Information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).

You may only exercise this right where we use your Personal Information in order to perform a contract with you, or where we asked for your consent to use your Personal Information. This right does not apply to any personal information which we hold, or process based on our legitimate interest or which is not held in digital form.

Obtaining a copy of our safety measures

You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area. We’re not required to share details of these safeguards if sharing such details would affect our commercial position or create a security risk.

Contacting us for more information

If you’re not happy with the level of information provided in this Privacy Policy, you can ask us about:

  • what Personal Information we have about you
  • what we use it for
  • who we share it with
  • whether we transfer it abroad
  • how we protect it
  • how long we keep it for
  • what rights you have
  • how you can make a complaint
  • where we got your data from
  • whether we have carried out any automated decision-making using your personal information.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please contact us using the details in the section below.  When you make a request please can:

  • let us have enough information to identify you;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.

Security

We have appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your Personal Information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

You should also be aware that communications over the internet, such as emails, are not secure unless they have been encrypted. The Website may contain links to other Aviva Group and third-party websites. These other websites will be subject to their own privacy policies which may differ from this Privacy Policy. You should carefully read the privacy policies of these websites before submitting any personal information.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your Personal Information.

The General Data Protection Regulation also gives you right to lodge a complaint with a Supervisory Authority, in particular, in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The Supervisory Authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns or telephone: 0303 123 1113. We ask that you please attempt to resolve any issues with us before contacting the Information Commissioner.

Changes to this Privacy Policy

This Privacy Policy was published on [July] 2019

We may amend this Privacy Policy from time to time for example, to keep it up-to-date or to comply with legal requirements.  You should regularly check this Privacy Policy for updates.  If there will be any significant changes made to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by emailing you or by posting a notice on our Website.

How to contact us

If you have any questions about this Privacy Policy or how to exercise your rights, please contact our Data Protection Officer:

Address: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH.

EmailDATAPRT@aviva.com

Aviva's dedicated site for UK financial advisers only. Not for use with customers, if you're a customer please go to aviva.co.uk